Brian Payne

Senior Security Consultant, Enterprise Incident Management

Brian Payne is a senior security consultant in Optiv’s enterprise incident management practice. Brian focuses on helping organizations through some of the most difficult situations they experience: intrusions, breaches and large financial loss. Brian has guided many Fortune 500 client organizations through these troubling events and assisted in active response to today’s modern threats.

Escape and Evasion Egressing Restricted Networks – Part 2

Attackers and security assessors alike use a technique called domain fronting to disguise malicious command and control (C2) traffic: the DNS lookup and the TLS Server Name Indication (SNI) name a trusted, high-reputation host, while the HTTP Host header inside the encrypted tunnel names the real destination, so a network observer sees only the front. This post revisits that evasion technique, which we first covered in a previous post. In this follow-up we discuss and demonstrate a variation of domain fronting that establishes C2 channels directly to inbox.google.com and other *.google.com applications, where the TLS session presents Google's legitimate certificate for that application. We then share detection techniques that can help identify this type of traffic.
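To make the mechanism concrete, and to sketch the kind of detection logic discussed later in the post, here is an added Python example that is not part of the original post or Optiv's tooling. It shows where the front hostname and the real hostname sit in a fronted HTTPS request (nothing is sent), and a detector that flags TLS SNI versus HTTP Host mismatches in a proxy log. The log format, IP addresses and hostnames are all constructed for the example, and the public-suffix handling is a deliberate simplification.

```python
"""Domain fronting mechanics and an SNI/Host mismatch detector.

Added illustration, not code from the original post. The log format and
every hostname below are constructed for the example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# --- mechanism -------------------------------------------------------------

def fronted_request(front_host: str, real_host: str, path: str = "/") -> Tuple[str, bytes]:
    """Show where each hostname lives in a fronted HTTPS request.

    The first value is what DNS, the TLS ClientHello (SNI) and any
    SNI-inspecting middlebox see: the benign front. The second is the
    plaintext HTTP request carried inside the TLS tunnel, whose Host
    header selects the real backend at the CDN/edge. Nothing is sent.
    """
    http = (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {real_host}\r\n"
        "User-Agent: Mozilla/5.0\r\n"
        "Connection: keep-alive\r\n\r\n"
    ).encode("ascii")
    return front_host, http

# --- detection -------------------------------------------------------------

# Constructed sample export from a TLS-inspecting proxy (not a real product format):
# epoch_ts  src_ip  dst_ip  tls_sni  http_host     ("-" marks an absent field)
SAMPLE_LOG = """\
1528000000.1 10.0.0.5 203.0.113.10 www.google.com www.google.com
1528000001.2 10.0.0.5 203.0.113.10 www.google.com inbox.google.com
1528000002.3 10.0.0.7 203.0.113.20 static.cdn-provider.example c2.attacker.example
1528000003.4 10.0.0.7 203.0.113.20 cdn.example.com CDN.example.com.
1528000004.5 10.0.0.9 203.0.113.30 - assets.example.net:443
1528000005.6 10.0.0.9 203.0.113.30 static.example.co.uk api.example.co.uk
"""

# Tiny stand-in for the Public Suffix List; production code should use the
# real list (e.g. the publicsuffix2 package) rather than this approximation.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

def normalize_host(raw: str) -> Optional[str]:
    """Lower-case, drop a trailing dot and a :port suffix; None if absent."""
    h = raw.strip().lower().rstrip(".")
    if h in ("", "-"):
        return None
    if re.fullmatch(r"[^:]+:\d+", h):   # "host:443" (IPv6 literals excluded)
        h = h.rsplit(":", 1)[0]
    return h

def registrable_domain(host: str) -> str:
    """Approximate eTLD+1: 'a.b.example.com' -> 'example.com', 'a.b.co.uk' -> 'b.co.uk'."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def classify(sni: Optional[str], host: Optional[str]) -> str:
    """Compare the name the network saw (SNI) with the one inside the tunnel (Host)."""
    if sni is None:
        return "no_sni"       # nothing to compare; worth a separate look
    if host is None:
        return "no_host"      # proxy could not see inside the TLS session
    if sni == host:
        return "match"
    if registrable_domain(sni) == registrable_domain(host):
        return "same_org"     # e.g. www.google.com -> inbox.google.com: lower confidence
    return "mismatch"         # front and backend under different registrable domains

@dataclass
class Finding:
    ts: str
    src: str
    sni: Optional[str]
    host: Optional[str]
    verdict: str

def detect(log_text: str) -> List[Finding]:
    """Parse the constructed log format and classify every connection."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, _dst, sni_raw, host_raw = line.split()
        sni, host = normalize_host(sni_raw), normalize_host(host_raw)
        findings.append(Finding(ts, src, sni, host, classify(sni, host)))
    return findings

def suspicious(findings: List[Finding]) -> List[Finding]:
    """Entries an analyst should review: cross-domain first, then same-org."""
    order = {"mismatch": 0, "same_org": 1}
    return sorted((f for f in findings if f.verdict in order), key=lambda f: order[f.verdict])

if __name__ == "__main__":
    sni, http = fronted_request("www.google.com", "inbox.google.com")
    print(f"network sees SNI={sni}; inside the tunnel: {http.splitlines()[1].decode()}")
    for f in suspicious(detect(SAMPLE_LOG)):
        print(f"{f.ts} {f.src} sni={f.sni} host={f.host} -> {f.verdict}")
```

The detector only works where something can see both names, i.e. a TLS-inspecting proxy or endpoint telemetry, because the Host header travels inside the tunnel; plain NetFlow or DNS logs show only the front. Cross-domain mismatches are the easy catch. Entries classified as same_org, where the front and the backend share a registrable domain such as google.com, are the hardest to separate from ordinary CDN and single-sign-on behaviour and need baselining per destination before they can be alerted on.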